| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: xbud at g0thead.com (xbud) Subject: IPSEC on arm-linux board Speaking of arm anyone have jblend's arm-API's handy? I tried everything legally possible to buy a copy of it from them to play with the jvm on my phone... But no go :< anyone had any success access? On Tuesday 04 May 2004 01:44 am, Pritesh Harivadan Shah wrote: > Dear All, > > We have tested IPSEC on regular linux gateways. > > Now we are testing it on arm-linux board. > > We are able to establish IPSEC SA. But on arm-linux, ping from one end to > other end does not work. > > By tracing, it looks that, ipsec interface takes the packet but does not > through out. > > The moment we stop IPSEC, it starts pinging through interface, which is > attached to IPSEC. Basically packets are dropped by IPSEC interface, as per > log enclsoed and our observation. > > Enclosed below log file with KLIPSDEbug on. Any help is appreciated.. I > suspect some problem either kernel level, or with > freeswan version. We are using freeswan 1.99 cross compiled one for arm > board. > > ******************************** LOG FILE START > > klips_debug:ipsec_tunnel_hard_header: skb->dev=ipsec0 dev=ipsec0. > klips_debug:ipsec_tunnel_hard_header: Revectored 0x00000000->0xc0b201c8 > len=60 t > ype=2048 dev=ipsec0->wan dev_addr=00:01:03:13:96:ef ip=1e1e1e01->28282801 > klips_debug:ipsec_tunnel_start_xmit: >>> skb->len=74 > hard_header_len:14<6>klips_ > debug: IP: ihl:20 ver:4 tos:0 tlen:60 id:35719 frag_off:0 ttl:127 proto:1 > (ICM > P) chk:9202 saddr:30.30.30.1 daddr:40.40.40.1 type:code=8:0 > klips_debug:ipsec_findroute: 30.30.30.1->40.40.40.1 > klips_debug:rj_match: * See if we match exactly as a host destination > klips_debug:rj_match: ** try to match a leaf, t=0xc09a4580 > klips_debug:ipsec_findroute: found, points to proto=4, spi=1004, > dst=c0a80a3c. > klips_debug:ipsec_tunnel_start_xmit: checking for local udp/500 IKE packet > saddr > =1e1e1e01, er=c09a4580, daddr=28282801, er_dst=c0a80a3c, proto=1 sport=0 > dport=0 > > klips_debug:ipsec_tunnel_start_xmit: Original head,tailroom: 18,1988 > klips_debug:gettdb: linked entry in tdb table for hash=18 of > SA:tun0x1004@....16 > 8.10.60 requested. > klips_debug:ipsec_tunnel_start_xmit: found Tunnel Descriptor Block -- > SA:<IPIP> > tun0x1004@....168.10.60 > klips_debug:ipsec_tunnel_start_xmit: calling room for <IPIP>, > SA:tun0x1004@....1 > 68.10.60 > klips_debug:ipsec_tunnel_start_xmit: Required head,tailroom: 20,0 > klips_debug:ipsec_tunnel_start_xmit: TDB in dead state for > SA:<ESP_3DES_HMAC_MD5 > ? esp0xe42b83e@....168.10.60, can no longer be used, dropping packet. > > ************************************* LOG FILE END > > Regards > > Pritesh > > "As a well spent day brings happy sleep, so life well used brings happy > death." - Leonardo da Vinci > > TATA ELXSI DISCLAIMER: > The information contained in this message may be CONFIDENTIAL and is for > the intended addressee only. Any unauthorized use, dissemination of the > information, or copying of this message is prohibited. If you are not the > intended addressed, please notify the sender immediately and delete this > message. > > -------------------------------- > Tata Elxsi Ltd, Bangalore, India > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists